Passkeys Over Passwords: Kaspersky Sounds Alarm on 2025 Data Leaks

Nearly half of the passwords hacked or leaked in 2025 had already appeared in previous data breaches, according to a global cybersecurity firm Kaspersky. The company’s latest research shows that most users still fail to follow basic password security practices and continue using the same passwords for years, making them easy targets for cybercriminals.

Kaspersky’s analysis indicates that although passwords remain the most widely used login method, they are becoming increasingly insecure due to predictable human behavior. By examining major password leaks between 2023 and 2025, researchers found that many users rely on common patterns such as dates, numbers, names, or simple words like “12345” and “love”, significantly weakening security.

The study reveals that around 10 percent of passwords contained date-based numbers, while 54 percent of the passwords leaked in 2025 had also been exposed in earlier breaches, highlighting the widespread habit of long-term password reuse. On average, a compromised password remains unchanged for 3.5 to 4 years, greatly increasing the risk of brute-force attacks and credential stuffing.

To address these vulnerabilities, Kaspersky has emphasized the need for stronger authentication mechanisms. The company has promoted passkey technology as a safer alternative to traditional passwords, using cryptographic keys and biometric verification. This approach significantly reduces the risks associated with phishing and data leaks.

As part of this initiative, Kaspersky has introduced a new passkey feature in Kaspersky Password Manager, enabling users to easily create, store, and sync passkeys across devices. This allows for secure, one-tap login without relying on passwords.

Marina Titova, Vice President of Consumer Business at Kaspersky, said,
“Managing separate logins and passwords for work, education, and entertainment costs users both time and security. Kaspersky Password Manager has long helped simplify this through secure password generation and autofill. With the new passkey feature, we are taking account protection a step further—making it easier to use and more secure than ever before.”

To use passkeys, users need to update Kaspersky Password Manager, grant the required permissions, and follow in-app instructions on websites that support passkey authentication. Kaspersky has advised users to visit its official website to install the updated version of the password manager.